-
**Describe the feature request**
Include container signatures and verification as part of Istio WASM adoption. The WASM extension will soon be supporting fetching OCI images; this proposal is to add …
-
After merging today's bot PRs, ~~some of which included serde bumps~~, some policies are failing on the release job when running e2e tests.
### Acceptance criteria
1. Investigate why the e2e tes…
-
## Problem Description
Although reusable workflows are [now supported](https://github.com/ossf/scorecard-webapp/issues/300), when using the Scorecard Action I hit an edge case at the [branch verifi…
lelia updated
7 months ago
-
Summarizing a thread on Slack:
Currently, when users sign with Sigstore via the GitHub IdP (i.e., federated through Dex), they get an identity token that's bound to the primary email identity for t…
-
**Description**
Since Cosign 1.10.1, the ability to perform a `cosign verify-attestation` on a keyless-signed image containing attestations of multiple predicate types returns `main.go:62: error …
-
**Description**
The following issue affects the TUF client implemented in [sigstore/sigstore/pkg/tuf](https://github.com/sigstore/sigstore/blob/main/pkg/tuf/client.go).
An application using t…
-
**Description**
In the next root-signing, we'll be migrating targets for `fulcio` under a `fulcio` subdirectory, and `rekor` under a `rekor` subdirectory (and keeping old targets for compatibility …
-
I would like us to consider what it would look like where we are no longer experimental and can cut a 1.0 release.
Aspects to consider...
Do we have API stability? Are we performing conformanc…
-
[Error: InternalError: error creating signing certificate
FetchError: network timeout at: https://fulcio.sigstore.dev/api/v2/signingCert](https://github.com/ukd1/canonical-rails/actions/runs/10297484…
-
👋 I've been looking at the [v1 actions spec](https://github.com/slsa-framework/github-actions-buildtypes/tree/main/workflow/v1) to see what we want to include in the provenance statement generated by…